Routing Help Please

johnnymac
Level 1

Hi,

I am tasked with changing the routing for the server in the attached diagram. It is a Citrix secure gateway.

The switch in the diag 192.168.100.23/21 is the gateway for that network and currently routes default traffic to the firewall 192.168.100.252.

What I want to achieve is that externally bound traffic from the server gets routed to 192.168.100.240.

Can anyone suggest a way of doing this?

Regards

J mack

6 Replies

royalblues
Level 10

What kinda switch is the gateway?

If the platform supports it, you can implement PBR to route traffic originated from the server to 192.168.100.240.

route-map test permit 10

match ip address 100

set ip next-hop 192.168.100.240

access-list 100 deny ip host 192.168.100.55

access-list 100 permit ip host 192.168.100.55 any

int vlan 1

ip policy route-map test

HTH, rate if it does

Narayan

Hi Narayan,

It's a Cat 3750 on 12.2. So it looks like I should be able to achieve this.

I still want the internal networks to be able to access this, so do I need to amend the access list?

Will implementing PBR affect other routes I have running?

1.0.0.0/24 is subnetted, 1 subnets

S 1.0.84.0 [1/0] via 192.168.100.240

C 192.168.210.0/24 is directly connected, Vlan2

194.130.108.0/32 is subnetted, 1 subnets

S 194.130.108.102 [1/0] via 192.168.100.240

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

S 172.16.4.62/32 [1/0] via 192.168.100.38

S 172.16.4.0/22 [1/0] via 192.168.100.240

C 192.168.11.0/24 is directly connected, Vlan20

S 192.168.250.0/24 [1/0] via 192.168.100.240

195.188.18.0/32 is subnetted, 2 subnets

S 195.188.18.110 [1/0] via 192.168.100.240

S 195.188.18.99 [1/0] via 192.168.100.240

C 192.168.220.0/24 is directly connected, Vlan3

C 192.168.1.0/24 is directly connected, Vlan10

S 192.168.32.0/24 [1/0] via 192.168.100.240

S* 0.0.0.0/0 [1/0] via 192.168.100.252

C 192.168.96.0/21 is directly connected, Vlan1

Or the hosts connectivity for hosts in VLAN 1?

Regards

J Mack

Yes you need to deny the internal subnets so that they are not directed towards the PBR.

Make sure you configure the proper SDM template as well to support PBR.

HTH, rate if it does

Narayan

Ok thanks.

However, the server is a secure gateway that needs to talk to the Citrix server 192.168.100.17. Is that still feasible whilst denying the rest of the subnet?

Also, with regard to the SDM template, do you know of any good articles I could get some more info from?

Regards

J Mack

Further to that, would changing the access-list to something like this

access-list 100 permit ip host 192.168.100.55 host 192.168.100.17

access-list 100 permit ip host 192.168.100.17 host 192.168.100.55

access-list 100 deny ip host 192.168.100.55

access-list 100 permit ip host 192.168.100.55 any

enable the communication I need between those two servers?

Hi,

Just wondered if anyone could let me know if the above access-list would work, and what I should implement as an SDM template.

Regards

j Mack
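An added example, not part of the original thread or any poster's configuration: a small Python model of how an ACL referenced by `match ip address` in a permit route-map is evaluated (first matching entry wins; a permit entry policy-routes the packet, a deny entry or no match leaves it to the routing table). The deny line in the thread has no destination, so the VLAN 1 network 192.168.96.0 0.0.7.255 from the routing table is assumed here, and 203.0.113.10 is a constructed external address.

```python
import ipaddress

PBR_HOP = "192.168.100.240"   # "set ip next-hop" from the thread's route-map
NORMAL = "routing table"      # packet is forwarded by the normal routing table

# The last ACL posted in the thread. Its deny line has no destination there;
# 192.168.96.0 0.0.7.255 (VLAN 1 in the routing table) is ASSUMED here.
PROPOSED = """
access-list 100 permit ip host 192.168.100.55 host 192.168.100.17
access-list 100 permit ip host 192.168.100.17 host 192.168.100.55
access-list 100 deny ip host 192.168.100.55 192.168.96.0 0.0.7.255
access-list 100 permit ip host 192.168.100.55 any
"""
# Constructed alternative: internal destinations denied before the permit.
DENY_FIRST = """
access-list 100 deny ip host 192.168.100.55 192.168.96.0 0.0.7.255
access-list 100 permit ip host 192.168.100.55 any
"""

def parse_acl(text):
    """Turn 'access-list N permit|deny ip SRC DST' lines into (action, src, dst)."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest, nets = tok[2], tok[4:], []
        while rest:
            if rest[0] == "any":
                spec, rest = "0.0.0.0/0", rest[1:]
            elif rest[0] == "host":
                spec, rest = rest[1] + "/32", rest[2:]
            else:  # address followed by a wildcard (host) mask
                spec, rest = rest[0] + "/" + rest[1], rest[2:]
            nets.append(ipaddress.ip_network(spec))
        rules.append((action, nets[0], nets[1]))
    return rules

def next_hop(acl_text, src, dst):
    """First matching entry wins: permit -> policy-routed, deny/no match -> normal."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet in parse_acl(acl_text):
        if s in snet and d in dnet:
            return PBR_HOP if action == "permit" else NORMAL
    return NORMAL  # implicit deny at the end of every ACL

if __name__ == "__main__":
    for name, acl in (("proposed", PROPOSED), ("deny-first", DENY_FIRST)):
        for dst in ("192.168.100.17", "192.168.97.10", "203.0.113.10"):
            print(name, "192.168.100.55 ->", dst, "=>", next_hop(acl, "192.168.100.55", dst))
```

In this model a permit entry placed ahead of the deny selects that traffic for the policy next hop instead of exempting it. Traffic between 192.168.100.55 and 192.168.100.17 stays inside VLAN 1 when both hosts use the /21 mask shown in the routing table, so the policy is only consulted for packets the server sends to the gateway.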
